procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Buy Xanax®:

2003-10-27 11:54:58
from [Professional Software Engineering] [Permanent Link] 
At 12:14 2003-10-27 +0500, Mahmood Iqbal Hashmi wrote:

I am getting too much emails from various clients but the email body
is the same whenever the sender address is change always. So, I put
some rows in /etc/procmailrc to stop these emails as some one adviced
me before but email is still comming.
Generally speaking, tagging *PHRASES* is a losing battle. So is checking the BODY for them, considering the different ways a body can be encoded (BASE64, HTML with interspersed comments, HTML ordinals, etc). 


My /etc/procmailrc:
-------------------
:0 B
* 1^0 (filename|name)=.*\.
(bat|lnk|scr|cpl|pif|cmd|com|dll|vbs|Installer573.exe)
This sort of rule should be SEPARATE from the other cruft (since it seems to be a VIRUS filter, not a drug one. Also, the DOT in the "installer573.exe" should be escaped. 


* 1^0 ^Buy Vicodin Online!
* 1^0 ^Buying it online is easy and legal
* 1^0 ^No Prior Prescription needed!
* 1^0 ^Free Online Consultation!
* 1^0 ^Free Fedex Delivery!!
/var/log/virus/BayVicodinOnline
Might be easier to weigh things: add points for _each_ occurrence of keywords. That way, you can move away from looking at specific phrases.
Also, anchoring these phrases to the BEGINNING OF THE LINE probably isn't a great idea if you're going to use complete phrases: a single whitespace, or some HTML construct, and what you THINK is at the beginning of a line when viewing it in your MUA, really isn't.
What's with filing them under /var/log ? These are MESSAGES, not a log of events. 

:0:
* -20
* ^10^1 B ?? (Xanax|Purple\>+Pill|Nexium|Viagra|Vicodin|Valium)
drug_cruft.mbx
You might even adopt the haxor-speak script that was posted to this list over the weekend for vicodin, and adopt it for others. That deals with things like spammers using "1" (one) in place of an "l" (ell), etc. 


Email-3:
Sizinle baðlantý kurdum çünkü eðer aradýðým kiþiyseniz sahip olduðum
þey sizin için çok ciddi ve özel bir teklif olabilir.
There have been "hibit" filters posted to this list in the past. I've also composed an extensive language/charset filter, wherein you define what languages you _don't_ correspond in, and messages arriving in those encodings are flagged. 

---
 Sean B. Straw / Professional Software Engineering

 Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
 Please DO NOT carbon me on list replies.  I'll get my copy from the list.



_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: procmail seems to not work consistently, R A Lichtensteiger
Next by Date:  Escaping exclamation, greater than, less than inside of a recipe, Birl
Previous by Thread:  Buy Xanax®:, Mahmood Iqbal Hashmi
Next by Thread:  (no subject), Charles Gregory
Indexes:  [Date] [Thread] [Top] [All Lists]